osbm/flake
1
0
Fork 0
Code Issues Pull requests Wiki Activity

update vaultwarden

Browse source
This commit is contained in:
Osman Faruk Bayram 2025-10-29 23:49:19 +03:00
parent b33a5f5925
commit 54965b05bf
1 changed files with 47 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

46
modules/nixos/services/vaultwarden.nix
View file

@ -8,7 +8,53 @@
(lib.mkIf config.osbmModules.services.vaultwarden.enable {
services.vaultwarden = {
enable = true;
backupDir = "/var/local/vaultwarden/backup";
# in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file
# be aware that this file must be created by hand (or via secrets management like sops)
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
config = {
# Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
DOMAIN = "https://bitwarden.osbm.dev";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "127.0.0.1";
SMTP_PORT = 25;
SMTP_SSL = false;
SMTP_FROM = "admin@bitwarden.osbm.dev";
SMTP_FROM_NAME = "osbm.dev Bitwarden server";
};
};
})
# vaultwarden reverse proxy via nginx
(lib.mkIf (config.osbmModules.services.nginx.enable && config.osbmModules.services.vaultwarden.enable) {
services.nginx.virtualHosts."bitwarden.osbm.dev" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
})
# impermanence with vaultwarden
(lib.mkIf (config.osbmModules.services.vaultwarden.enable && config.osbmModules.hardware.disko.zfs.root.impermanenceRoot) {
environment.persistence."/persist" = {
directories = [
"/var/lib/vaultwarden"
"/var/local/vaultwarden"
];
};
})
];
}